Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / SigmaHQ/pySigma-backend-splunk issues and pull requests
#43 - Directly interact with savedsearches.conf fields when using the savedsearches format
Issue -
State: open - Opened by joshnck 22 days ago
- 1 comment
#42 - Problem in logical operator execution order : WHERE vs SEARCH
Issue -
State: open - Opened by IgorHrkswxryski 30 days ago
- 1 comment
Labels: bug
#41 - Convert correlation in savedsearches mode
Issue -
State: open - Opened by IgorHrkswxryski about 2 months ago
- 1 comment
Labels: bug
#40 - Request: Using the fields: key to define the values() from a |stats command in correlation searches
Issue -
State: open - Opened by joshnck 3 months ago
#39 - Question: Using stats instead of table for the fields field
Issue -
State: closed - Opened by burnsn1 3 months ago
- 1 comment
#38 - Add support for Web.Proxy Splunk data model
Pull Request -
State: closed - Opened by RolandRoure 3 months ago
#37 - adding Oring regexes
Pull Request -
State: closed - Opened by arblade 3 months ago
#36 - Update test.yml
Pull Request -
State: closed - Opened by frack113 4 months ago
#35 - ORing modifier `CIDR` error
Issue -
State: open - Opened by frack113 4 months ago
Labels: bug
#34 - Does an output "saved searches as dict" make sense?
Issue -
State: closed - Opened by jabrcks 5 months ago
- 1 comment
#33 - Adding custom cim mapping kv
Issue -
State: closed - Opened by IgorHrkswxryski 5 months ago
- 1 comment
#32 - Correlation rule support
Pull Request -
State: closed - Opened by thomaspatzke 5 months ago
#31 - build: 📦 Update dependencies version
Pull Request -
State: closed - Opened by frack113 5 months ago
#30 - Splunk backend seems to not support correlation rules
Issue -
State: closed - Opened by IgorHrkswxryski 5 months ago
- 1 comment
#29 - Splunk backend allegedly doesn't support or conditions in regex, but fails to detect them (and for some reason creates a newline before | regex)
Issue -
State: open - Opened by joshnck 6 months ago
- 1 comment
Labels: bug
#28 - Update poetry
Pull Request -
State: closed - Opened by frack113 7 months ago
#27 - Question: How to avoid processing the fields?
Issue -
State: open - Opened by 0xFustang 9 months ago
- 2 comments
Labels: enhancement
#26 - [Question] How to transform/override the data model name?
Issue -
State: closed - Opened by 0xFustang 9 months ago
- 4 comments
#25 - New output format: accelerated datamodel query in a savedsearches.conf file
Pull Request -
State: closed - Opened by 0x616c6578 10 months ago
- 2 comments
#24 - done
Issue -
State: closed - Opened by F0r3nsick 10 months ago
#23 - Enhancement: add OriginalFileName
Issue -
State: closed - Opened by gs3cl 10 months ago
- 3 comments
#21 - Original file name addition
Pull Request -
State: closed - Opened by Rivosyke about 1 year ago
- 1 comment
#20 - Field Mapping: Add OriginalFileName -> Processes.original_file_name
Issue -
State: closed - Opened by Rivosyke about 1 year ago
- 3 comments
#19 - Enhancement: Handle Sigma correlations in pySigma-backend-splunk
Issue -
State: closed - Opened by jabrcks over 1 year ago
- 2 comments
Labels: enhancement
#17 - Field mapping : "Image" field not converted for Splunk
Issue -
State: closed - Opened by Enarior over 1 year ago
- 5 comments
#16 - Support custom Splunk commands
Issue -
State: closed - Opened by ericzinnikas over 1 year ago
- 1 comment
Labels: wontfix
#15 - [sigmac] [splunk] Unescaped . in query
Issue -
State: open - Opened by phantinuss almost 2 years ago
- 6 comments
Labels: bug
#14 - Custom savedsearch.conf settings
Pull Request -
State: closed - Opened by ericzinnikas over 1 year ago
- 2 comments
#13 - Use rule fields to generate 'table' search output
Pull Request -
State: closed - Opened by ericzinnikas over 1 year ago
- 1 comment
#12 - Support for using rule fields to generate "table" output
Issue -
State: closed - Opened by ericzinnikas over 1 year ago
#11 - Support for cron_schedule, earliest_time, latest_time
Issue -
State: closed - Opened by ericzinnikas over 1 year ago
- 3 comments
Labels: enhancement
#10 - Multiple sub-rules, detecting only one of them.
Issue -
State: closed - Opened by jonathan-s almost 2 years ago
- 1 comment
#9 - Include alert descriptions in savedsearch output
Pull Request -
State: closed - Opened by ericzinnikas almost 2 years ago
- 1 comment
#8 - Converting rules gives wrong results
Issue -
State: closed - Opened by jonathan-s almost 2 years ago
- 4 comments
#7 - Single quoting of field names breaking SPL
Issue -
State: closed - Opened by xv-nathan-h almost 2 years ago
- 4 comments
#5 - TypeError: object of type 'int' has no len()
Issue -
State: closed - Opened by jonathan-s about 2 years ago
- 1 comment
#4 - Added initialization and condition to avoid UnboundLocalError
Pull Request -
State: closed - Opened by elhoim about 2 years ago
#3 - Add repository
Pull Request -
State: closed - Opened by fabaff about 2 years ago
#2 - Sigma Backend Splunk data model support
Pull Request -
State: closed - Opened by P4T12ICK about 2 years ago
#1 - escape backslashes
Pull Request -
State: closed - Opened by M3NIX over 2 years ago
- 1 comment